China-Nexus Actor Targets US Defense, AI, and Medical Research

    Date: 06/16/2026

    Severity: High

    Summary

    A PRC-nexus threat actor, UNC6508, targeted North American academic, medical, and military research institutions. The campaign went undetected in victim networks for over a year. Initial access came through compromised externally facing web applications. The actor then deployed custom malware, moved laterally, and exfiltrated data using built-in administrative tools so that the activity blended in with routine operations. Stolen data included sensitive defense intelligence, Indo-Pacific command operations, and cyber offensive programs. Broad collection efforts also targeted advancements in artificial intelligence, uncrewed vehicles, and medical research.

    Indicators of Compromise (IOC) List

    IP Address:

    23.169.65.49

    Hash (SHA-256):

    ba6b73b0ca0dc7f86b3b397893ac32d729fd53f9df20643288f141f29d020af7

    db65c1b9f9e4cb4d729f45ad4b6fcf3e277caf9eb4c875425dec93fd883f9136

    c1ac43d23f89d41eb4ff131678ab562ab2cfed9aa334b13767ef141d303b0e5b

    8f0158855a656b629ca76ebca565f18bc25563ded34b65d6771632c20edb68ec

    51a57bfc9ed3eb6451c1c289607814d59e1698c666fb97ac5f694c398f23d045

    4efbef69eb3b09bacff892d6a55778d07c418e7f15eba3cf1245e8cdfd8dda0b

    58bb25777e0aa86bcd2125101e0bca4e8732b03d91bd8d2f205b446a2a8d5c86

    Host Indicator:

    B49e334d-9c01-463e-9bc5-00a6920fb66e

    xc32038474a

    Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

    Detection Query 1:

    dstipaddress IN ("23.169.65.49") or srcipaddress IN ("23.169.65.49")

    Detection Query 2:

    sha256hash IN ("ba6b73b0ca0dc7f86b3b397893ac32d729fd53f9df20643288f141f29d020af7","db65c1b9f9e4cb4d729f45ad4b6fcf3e277caf9eb4c875425dec93fd883f9136","c1ac43d23f89d41eb4ff131678ab562ab2cfed9aa334b13767ef141d303b0e5b","8f0158855a656b629ca76ebca565f18bc25563ded34b65d6771632c20edb68ec","51a57bfc9ed3eb6451c1c289607814d59e1698c666fb97ac5f694c398f23d045","4efbef69eb3b09bacff892d6a55778d07c418e7f15eba3cf1245e8cdfd8dda0b","58bb25777e0aa86bcd2125101e0bca4e8732b03d91bd8d2f205b446a2a8d5c86")
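    The two TDIR queries above match the page's IOCs on network flow and file-hash fields. As an added example that is not Gurucul's TDIR engine or vendor code, the script below applies the same indicators to JSON log lines so the sweep can be run against exported telemetry from any source. The field names (srcipaddress, dstipaddress, sha256hash, filename, registrykey, servicename, cmdline) and the sample log lines are assumptions constructed for the example; the indicator values are the ones listed on this page. It normalizes "ip:port" values and hash case before comparison, and matches the host indicators as case-insensitive substrings, since the GUID is listed here with a capital "B" and Windows writes GUIDs in either case.

```python
"""IOC sweep over constructed log records.

Added example: not Gurucul's TDIR engine or vendor code. Indicator values are
the ones listed on this page; the field names and log lines are assumptions
constructed for the example.
"""
import ipaddress
import json
import re

# Indicators copied from the IOC list above.
IOC_IPS = {"23.169.65.49"}
IOC_SHA256 = {
    "ba6b73b0ca0dc7f86b3b397893ac32d729fd53f9df20643288f141f29d020af7",
    "db65c1b9f9e4cb4d729f45ad4b6fcf3e277caf9eb4c875425dec93fd883f9136",
    "c1ac43d23f89d41eb4ff131678ab562ab2cfed9aa334b13767ef141d303b0e5b",
    "8f0158855a656b629ca76ebca565f18bc25563ded34b65d6771632c20edb68ec",
    "51a57bfc9ed3eb6451c1c289607814d59e1698c666fb97ac5f694c398f23d045",
    "4efbef69eb3b09bacff892d6a55778d07c418e7f15eba3cf1245e8cdfd8dda0b",
    "58bb25777e0aa86bcd2125101e0bca4e8732b03d91bd8d2f205b446a2a8d5c86",
}
# Host indicators are matched case-insensitively as substrings: the page lists
# the GUID with a capital "B", and Windows writes GUIDs in either case.
IOC_HOST = {"b49e334d-9c01-463e-9bc5-00a6920fb66e", "xc32038474a"}

# Assumed field names (not from the page); map these to your own log schema.
IP_FIELDS = ("srcipaddress", "dstipaddress")
HASH_FIELDS = ("sha256hash",)
HOST_FIELDS = ("filename", "registrykey", "servicename", "cmdline")


def norm_ip(value):
    """Return the bare address or None; tolerates 'ip:port' and '[v6]:port'."""
    value = str(value).strip()
    m = re.match(r"^\[([^\]]+)\](?::\d+)?$", value) or re.match(r"^([0-9.]+)(?::\d+)?$", value)
    if m:
        value = m.group(1)
    try:
        return str(ipaddress.ip_address(value))
    except ValueError:
        return None


def norm_hash(value):
    """Lower-case and strip; reject anything that is not 64 hex characters."""
    value = str(value).strip().lower()
    return value if re.fullmatch(r"[0-9a-f]{64}", value) else None


def match_record(rec):
    """Return a list of (indicator_type, indicator) hits for one parsed record."""
    hits = []
    for field in IP_FIELDS:
        if field in rec:
            ip = norm_ip(rec[field])
            if ip in IOC_IPS:
                hits.append(("ip", ip))
    for field in HASH_FIELDS:
        if field in rec:
            digest = norm_hash(rec[field])
            if digest in IOC_SHA256:
                hits.append(("sha256", digest))
    for field in HOST_FIELDS:
        if field in rec:
            text = str(rec[field]).lower()
            for indicator in sorted(IOC_HOST):
                if indicator in text:
                    hits.append(("host", indicator))
    return hits


def sweep(lines):
    """Parse JSON log lines, skip malformed ones, return [(line_no, hits)] for matches."""
    results = []
    for line_no, line in enumerate(lines, 1):
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # malformed line: skip rather than abort the whole sweep
        hits = match_record(rec)
        if hits:
            results.append((line_no, hits))
    return results


# Constructed sample telemetry for the example; not real logs.
SAMPLE_LOGS = [
    '{"srcipaddress": "10.20.30.40", "dstipaddress": "23.169.65.49:443"}',
    '{"srcipaddress": "10.20.30.41", "dstipaddress": "8.8.8.8"}',
    '{"sha256hash": "BA6B73B0CA0DC7F86B3B397893AC32D729FD53F9DF20643288F141F29D020AF7", "filename": "update.dll"}',
    '{"sha256hash": "0000000000000000000000000000000000000000000000000000000000000000", "filename": "x.dll"}',
    '{"registrykey": "HKLM\\\\SOFTWARE\\\\Classes\\\\CLSID\\\\{B49E334D-9C01-463E-9BC5-00A6920FB66E}"}',
    'not json at all',
]

if __name__ == "__main__":
    for line_no, hits in sweep(SAMPLE_LOGS):
        print(f"line {line_no}: {hits}")
```

    Feed real exports by replacing SAMPLE_LOGS with a file iterator; a hit on the IP or hash indicators is high confidence, while the short host indicator "xc32038474a" should be reviewed in context before escalating, as with any short substring match.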

    Reference:

    https://cloud.google.com/blog/topics/threat-intelligence/prc-targets-us-medical-research 


    Tags

    Malware, Threat Actor, China-Nexus, PRC-Nexus, North America, Healthcare and Public Health, Critical Infrastructure, Education, Communications, Exfiltration, AI, Data Stealer
